Who Ya Gonna Call? Black Duck Audits On Demand

“We had a client who was doing an acquisition and would have brought you in, but it was too late in the process.”

It’s frustrating to hear that because I bet we could have pulled it off. The reality is that we’re very often brought in late in the process; it’s just the nature of mergers and acquisitions.

Black Duck Audits

Black Duck is the Ghostbusters of open source audits. Roughly 90% of our audit business is in the context of M&A transactions, generally working for strategic or private equity acquirers, although savvy sellers come to us proactively as well. Why do so many companies call Black Duck for help in M&A? We have the scale to mobilize extremely rapidly and apply resources to meet the tightest deadlines. I’m at my proudest when our team delights customers with hyper-responsiveness.

Meeting “Impossible” Deadlines

Here’s a great example from a happy client of Black Duck’s “magic”:

“ADP has successfully used Black Duck for audits for many years, but recently they outdid themselves. Due to internal issues, we called at noon one day asking for what we thought was the impossible, a next day delivery. Amazingly, Black Duck made it possible and had auditors work all night in order to deliver a report by 11 a.m. the next morning. It’s really important for us to have a partner that can bail us out in such a pinch.”

– John Generelli, Senior Director Software Asset Management, ADP 

Another example. One fine Saturday of Labor Day weekend, I came off the water to find three new voice messages. One was from a company we’d not done business with before and the next one was from their attorney. The last message was from our CEO, whom they’d also called because they were so anxious to get going. Only a week before the scheduled close of a transaction, they needed an open source audit report by the following Friday. Several of our team members pulled away from their weekend activities to work with the target. By that night we had the job scoped on what turned out to be an enormous code base.

Standard delivery for this scope is about one month, but the deadline, now six days out, wasn’t moving. By Sunday we had agreements signed with both acquirer and target, and got most of the code uploaded, which allowed work to commence late Sunday night. By Monday morning (a holiday, remember) we had a team working on the project, and we were able to deliver by Friday. On Tuesday, in the middle of the audit, the target discovered another week’s worth of code. We were able to knock that off before the following Monday, with just enough time for review before the transaction closed.

These are two fairly extreme examples, but it’s not unusual at all for us to get calls at the last minute and to make it all work. It’s in our team’s DNA because it’s what M&A customers require.

Scope Your Audit

All that said, the earlier you involve Black Duck, the less stress and cost involved. It’s often worth it, but it’s definitely more expensive to rev up our resources on a Friday night for weekend work. As soon as practicable, let us scope the audit so we all know what we’re dealing with. It takes some cooperation from the target and a little work on our part, but we are happy to do it even if you are not sure about the state of the transaction. Visibility into future projects is very helpful to our planning.

The bottom line is: Involve us as early as possible — but in a pinch, please, please, don’t assume it’s too late. If you or your clients need Black Duck’s help, never be shy about calling.

